I purchased a centos 8 based VPS from Contabo a few months ago, and haven't really gotten the time to get my hands on it up until now.
What looks intriguing from the session start, is that my fresh/yet-unused VPS was under constant attack during all this time . When I ssh the server (password login), I read this on my screen:
Contabo support recommended I'd switch to ssh-key based login, which I am currently trying to setup.There were 332321 failed login attempts since the last successful login.
In fact I am far from being confident with Linux, currently learning Linux user administration, and came across /etc/passwd as I am following through a tutorial. The first question stuck in my head, is how do I know my VPS is not already compromised. This is the output I get out of
Code: Select all
cat /etc/passwd
Code: Select all
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
unbound:x:997:995:Unbound DNS resolver:/etc/unbound:/sbin/nologin
sssd:x:996:993:User for sssd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
I have not yet created any user myself, I'm still using the default root user provided out of the box by Contabo.